<!--#include file="conn.asp"-->
<!--#include file="const.asp"-->
<%
'Administrator account name and password, compared against the form in login().
'NOTE(review): both values are hard-coded in the page source and set to the
'well-known default pair admin/admin. Change them before deployment and prefer
'loading them from configuration that is not served by the web server.
Dim siteUserName, sitePassWord
siteUserName = "admin"
sitePassWord = "admin"

'Request("content") names no collection, so ASP searches the query string, the
'form body and the cookies (among others); a value in any of them selects the
'save path below.
If Request("content") <> "" Then
	'Store the submitted feedback. No login check happens on this path, and
	'header()/footer() are not called, so the connection close in footer() is
	'skipped here.
	Call saveContent()
Else
	Call header()
	Select Case Request.QueryString("action")
		Case "del"
			Call del()
		Case "login"
			Call login()
		Case "logout"
			Call logout()
		Case Else
			'Default view: the feedback list for a logged-in admin, the login form otherwise.
			If founduser Then
				Call showlist()
			Else
				Call main()
			End If
	End Select
	Call footer()
End If

'公共头
Sub header()
	'Common page header: writes the doctype, the <head> (UTF-8 charset, inline
	'CSS) and the opening <body> tag; footer() writes the matching closing tags.
	'makesure() is the confirm dialog used by the delete links in showlist().
	'NOTE(review): that dialog runs only in the browser, so it protects against
	'accidental clicks, not against requests sent to ?action=del directly.
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Feedback</title>
<style type="text/css">
* { font-size:12px; font-family:Verdana; }
body { background:#f5f5f5; }
ul { padding:0; margin:0; }
</style>
<script type="text/javascript">
function makesure() {
	if (confirm("确定要删除吗？")) {
		return true;
	}
	return false;
}
</script>
</head>
<body>
<%
end sub

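Sub showlist()
	'Admin view: lists every row of gbook, newest first, with a numbered delete
	'link per row. The dispatcher calls this only when founduser is true; the
	'sub itself performs no login check.
	'
	'The content column holds text submitted through saveContent(), which is
	'reachable without logging in, so it is HTML-encoded at output to keep
	'stored markup or script from running in the administrator's browser.
	'NOTE(review): CheckStr is defined outside this file; if it already
	'HTML-encodes on input, keep only one of the two layers to avoid
	'double-encoded text.
%>
<div><a href="index.asp?action=logout">退出</a></div>
<div style="margin:10px 0px">
  <%
set rs=conn.execute("select * from gbook order by addtime DESC ")
Dim i
i=1
if not rs.eof then
	Do Until rs.EOF
  %>
  <div style="position:relative;border:1px dashed #cccccc;margin-bottom:10px;padding:5px 5px;background:#ffffff;">
    <div style="position:absolute;"><%=i%> <a href="index.asp?action=del&id=<%=rs("id")%>" onclick="return makesure();">[删除]</a></div>
    <div style="padding-left:70px;">
      <div style="margin-bottom:5px;"><%=Server.HTMLEncode(rs("content") & "")%></div>
      <div style="color:#999;"><%=rs("addtime")%></div>
    </div>
  </div>
  <%
  	i=i+1
	rs.MoveNext
	loop
else
	Response.Write("未找到记录！")
end if
'Release the recordset once the list has been written.
rs.close
set rs=nothing
%>
</div>
<%
End Sub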

sub main()
	'Login page, shown by the default action when founduser is false: a form
	'that posts username/password to index.asp?action=login, handled by login().
	'check() only rejects empty fields in the browser before submit; the
	'credential comparison itself happens server-side in login().
%>
<table border="0" cellpadding="2" cellspacing="1">
  <form action="index.asp?action=login" method="post" onSubmit="return check(this);">
    <tr>
      <th colspan="2" align="left">用户登录:</th>
    </tr>
    <tr>
      <td align="right">用户名：</td>
      <td><input name="username" type="text" /></td>
    </tr>
    <tr>
      <td align="right">密　码：</td>
      <td><input name="password" type="password" /></td>
    </tr>
    <tr>
      <td width="10%">&nbsp;</td>
      <td width="90%"><input name="submit" type="submit" value="登录" style="width:50px;" /></td>
    </tr>
  </form>
</table>
<script type="text/javascript">
function check(o){
	if(o.username.value==""){
		alert("用户名不能为空！");
		o.username.focus();
		return false;
	}
	if(o.password.value==""){
		alert("用户密码不能为空！");
		o.password.focus();
		return false;
	}
	return true;
}
</script>
<%
end sub

sub goback(msg)
	'Shows msg in a JavaScript alert and then sends the browser to index.asp.
	'msg is written verbatim into a double-quoted JavaScript string literal.
	'NOTE(review): the callers in this file pass fixed literals only; keep it
	'that way, or escape msg for a JavaScript string before passing anything
	'derived from the request.
%>
<script type="text/javascript">
alert("<%=msg%>");
window.location = "index.asp";
</script>
<%
end sub

Sub saveContent()
	'Inserts the submitted "content" value into gbook, with addtime taken from
	'the SqlNowString expression. Reached from the dispatcher without a login
	'check.
	'NOTE(review): the value is concatenated into the SQL text inside single
	'quotes, so injection safety rests entirely on CheckStr, which is defined
	'outside this file. Verify that it neutralises single quotes for the
	'database in use; a parameterized command would remove that dependency.
	Dim content
	content = CheckStr(Request("content"))
	sql = "insert into gbook " & "(content,addtime) values(" & "'" & content & "'," & SqlNowString & ")"
	conn.Execute sql
End Sub

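Sub del()
	'Deletes one gbook row by id for a logged-in administrator, then returns to
	'the list; otherwise shows an error through goback().
	'
	'The id is placed in the SQL text without quotes, so quote escaping alone
	'cannot protect it. It is therefore accepted only when it is 1 to 9 decimal
	'digits (which always fits a Long) and is converted with CLng before use.
	'Assumes gbook.id is an integer key -- TODO confirm against the schema.
	'
	'NOTE(review): the delete is triggered by a GET request authenticated only
	'by the session cookie; moving it to POST with a per-session token would
	'stop other sites from triggering it through the administrator's browser.
	Dim id, digitsOnly
	id=CheckStr(Request("id")) & ""
	Set digitsOnly = New RegExp
	digitsOnly.Pattern = "^[0-9]{1,9}$"
	if founduser and digitsOnly.Test(id) then
		conn.execute("delete from gbook where id = "&CLng(id)&" ")
		'Redirect to a fixed page: the Referer header is supplied by the client
		'and may be missing or point to another site.
		Response.Redirect("index.asp")
	else 
		goback("没有权限或者id错误")
	end if
end sub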

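sub login()
	'Compares the posted username/password with siteUserName/sitePassWord and,
	'on a match, records the user name in the session under
	'CookieName & "_username". On a mismatch it shows an error through goback().
	'
	'NOTE(review): no limit on failed attempts is visible in this file, and the
	'comparison is against plaintext values kept in the page source.
	Dim UserName,PassWord
	UserName=Request.Form("username")
	PassWord=Request.Form("password")
	if UserName=siteUserName and PassWord=sitePassWord then
		'Session timeout, in minutes
		Session.Timeout = 45
		Session(CookieName & "_username") = UserName
		'Redirect to a fixed page: the Referer header is supplied by the client
		'and may be missing or point to another site.
		Response.Redirect("index.asp")
	else 
		goback("您的帐号或密码错误！")
	end if
end sub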

Sub logout()
	'Ends the admin login by blanking the session entry that login() sets, then
	'sends the browser back to index.asp.
	'NOTE(review): only this one entry is cleared and the session itself stays
	'alive; confirm that founduser treats an empty value as logged out.
	Dim sessionKey
	sessionKey = CookieName & "_username"
	Session(sessionKey) = ""
	Response.Redirect "index.asp"
End Sub

Sub footer()
	'Writes the closing tags for the document opened by header() and releases
	'the database connection.
	Response.Write "</body></html>"
	'Close the connection only while it is not already closed. State 0 is the
	'closed state in ADO, assuming conn is an ADO connection created in conn.asp.
	If Not (conn.State = 0) Then
		conn.Close
		Set conn = Nothing
	End If
End Sub
%>
